OWASP Edmonton

Welcome to the Edmonton chapter homepage. The chapter leader is Robert Martin. Click here to join the local chapter mailing list.

Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter Leader Handbook. As a 501(c)(3) non-profit professional association, your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world, simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Local News

Note we return to Telus Plaza for the February meeting.

Our chapter's next meeting will take place Tuesday, February 27, 2007 at 6:00 PM at the Telus Plaza North Tower. Please meet us in the building's lobby before 6:00 so that we can escort you to the boardroom. The meeting will be over by 7:15. This map guides you to Telus Plaza North.

Web applications have become the most significantly exposed, and
vulnerable, software systems on an organization's network. Thousands
of lines of custom application code lovingly interfacing with a pile
of third-party middleware that's herding data to and from what is
likely an installation of a major database, and all of this is
supporting critical business processes handling your, and others',
sensitive data. Hopefully you've spent a little time and some honest
effort on reducing security defects in your applications (I see each
of your devs has the OWASP Top 10 taped to their cubicle wall) and
your network guys are seasoned warriors, so everything is solid. Now,
what happens when, not if, you have an incident involving your web
app?

This talk is going to bring the concepts surrounding building a
defensible network into the realm of designing web application
architectures. We will be doing some drawing, and there will be
network devices in our diagrams. We'll discuss defending deployed
web applications, how they are different and what issues that
raises... We'll discuss the implications of such things as when the
OWASP guide says, "By default, no unencrypted data should transit the
network" and we'll discuss how we might be able to get to a position
where we can start to think about having the ability to effectively
respond to a web app incident.